The problem applies to all games on the Source engine. And the vulnerability itself is in the Steam invitation system, and allows a hacker to get information about any user, if he accepts the invitation. Moreover, this method can be implemented as part of the invitation to the community. Then several accounts are already at risk.
At the same time, hackers have been publishing data on the vulnerability for several months, but it has not yet been fixed. It was also stated that Valve was trying to prevent disclosure of the exploit data.
It is not yet clear when the company will fix the problem, as many such situations drag on for years.